SDK

The SOAR SDK allows you to create apps in the container and extension formats.

The SOAR SDK provides the template files to develop your app and specify how to run your app in a container. Containers run Python 3.6.8 and a framework that automatically manages authenticating and connecting to the STOMP connection and REST API in the SOAR Platform. It simplifies creating apps by allowing you to focus on writing the behavior logic.

The SOAR SDK provides the following features:
  • The Python environment and template files with which you write your code. Your code can take the form of a function processor, action processor, or a utility that acts upon data received from a SOAR organization but does not return data to the organization.
  • A dockerfile that provides all the information needed to build a container for the app. You can modify the file in those situations where your app requires additional operating system or Python components. The dockerfile is compatible with Docker or other container management solutions, such as Red Hat® Enterprise Linux® Podman.
  • An apikey_permissions.txt file with a list of permissions to choose from. You can easily select which permissions you need for your app. When your completed app is installed in a SOAR organization, the system automatically generates an API key account with the permissions you specified.
  • A documentation template that prompts you for the information need to generate installation and user instructions.
  • The ability to generate your app in the extension format for earlier versions of the SOAR Platform that do not support the app format.
  • The ability to convert existing extensions to the app format.

If you are familiar with the Resilient® Circuits framework used with extensions, Resilient Circuits is also used with apps but within the container. You do not interact with Resilient Circuits directly.

The SOAR SDK has the ability to create the app in the extension format with the same functionality but for earlier versions of the SOAR Platform that do not support the container-based apps. The SOAR SDK also has the ability to repackage existing extension apps into a container-based format.